Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b465e0a by Moritz Muehlenhoff at 2026-06-01T23:26:49+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,21 +45,25 @@ CVE-2026-48839 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2026-48559 (Lightweight Music Server (LMS) though 3.76.0 contains a stored
cross-s ...)
NOT-FOR-US: Lightweight Music Server (LMS)
CVE-2026-48210 (An improper default configuration in OTRS 2026.3.1 causes
ticket artic ...)
- TODO: check
+ NOT-FOR-US: OTRS
CVE-2026-48209 (An improper neutralization of user-controllable input in OTRS
or ((OTR ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure
it out
CVE-2026-48208 (An improper neutralization of active SVG content in OTRS or
((OTRS)) C ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure
it out
CVE-2026-48191 (An incorrect handling of permissions in STORM powered by OTRS
and in O ...)
- TODO: check
+ NOT-FOR-US: OTRS
CVE-2026-48190 (An incorrect handling of permissions in OTRS External
Interface and th ...)
- TODO: check
+ NOT-FOR-US: OTRS
CVE-2026-48189 (An improper Input Validation vulnerability in OTRS Customer
Backend mo ...)
- TODO: check
+ NOT-FOR-US: OTRS
CVE-2026-48188 (An improper Input Validation vulnerability in OTRS or ((OTRS))
Communi ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure
it out
CVE-2026-48187 (An uncontrolled allocation of resources without limits or
throttling i ...)
- TODO: check
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure
it out
CVE-2026-47294 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
NOT-FOR-US: Microsoft
CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before
versions v6. ...)
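Review bot: The Znuny NOTE on CVE-2026-48209, CVE-2026-48208, CVE-2026-48188 and CVE-2026-48187 sits under NOT-FOR-US: OTRS, so nothing in the list keeps the possible Znuny impact open once the TODO is gone. If the question is meant to be revisited, consider leaving a TODO beside the NOTE or stating in the NOTE what would prompt a re-check. It would also help to record why CVE-2026-48210, CVE-2026-48191, CVE-2026-48190 and CVE-2026-48189 carry no such NOTE, so a later reader can tell the omission is deliberate.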
@@ -247,7 +251,7 @@ CVE-2026-30963 (Capsule is a multi-tenancy and policy-based
framework for Kubern
CVE-2026-27788 (Incorrect permission assignment for critical resource issue
exists in ...)
NOT-FOR-US: ServerView Agents for Windows
CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded
secret embedd ...)
- TODO: check
+ NOT-FOR-US: Trac PDBM
CVE-2026-25599 (Missing authentication and clear\u2011text transmission of
data from t ...)
TODO: check
CVE-2026-23638 (Kiteworks is a private data network (PDN). Prior to version
9.3.0, an ...)
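Review bot: CVE-2026-25599, directly below the CVE-2026-25600 line changed here, stays at TODO: check although it has the adjacent ID and a description in the same style. If it concerns the same PDBM application, it should receive the same NOT-FOR-US: Trac PDBM in this commit. The tag says "Trac PDBM" while the visible description only says "The PDBM application", so the vendor name is worth confirming against the full CVE text.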
@@ -265,7 +269,7 @@ CVE-2026-20453 (In geniezone, there is a possible out of
bounds write due to a m
CVE-2026-20452 (In wlan AP driver, there is a possible memory corruption due
to a heap ...)
NOT-FOR-US: MediaTek
CVE-2026-10533 (A flaw was found in OpenShift Container Platform. Completed
pods with ...)
- TODO: check
+ NOT-FOR-US: OpenShift
CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl
logback ...)
TODO: check
CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes
outbound HTTP r ...)
@@ -279,27 +283,27 @@ CVE-2026-10281 (A weakness has been identified in
Enderfga claw-orchestrator up
CVE-2026-10280 (A security flaw has been discovered in horizon921 mcpilot
0.1.0. The i ...)
TODO: check
CVE-2026-10279 (A vulnerability was identified in hiraishikentaro wezterm-mcp
0.1.0. T ...)
- TODO: check
+ NOT-FOR-US: wezterm-mcp
CVE-2026-10278 (A vulnerability was determined in ishayoyo excel-mcp up to
1.0.2. Impa ...)
- TODO: check
+ NOT-FOR-US: excel-mcp
CVE-2026-10277 (A vulnerability was found in j3k0 mcp-google-workspace up to
831790e7d ...)
- TODO: check
+ NOT-FOR-US: mcp-google-workspace
CVE-2026-10276 (A vulnerability has been found in hekmon8 Jenkins-server-mcp
0.1.0. Th ...)
- TODO: check
+ NOT-FOR-US: Jenkins-server-mcp
CVE-2026-10275 (A flaw has been found in OpenSC up to 0.26.1. This affects the
functio ...)
TODO: check
CVE-2026-10274 (A vulnerability was determined in indrasishbanerjee
aem-mcp-server up ...)
- TODO: check
+ NOT-FOR-US: aem-mcp-server
CVE-2026-10273 (A vulnerability was found in php-censor up to 2.1.6. This
affects an u ...)
TODO: check
CVE-2026-10272 (A vulnerability has been found in a4m4
Student-Management-System up to ...)
- TODO: check
+ NOT-FOR-US: a4m4 Student-Management-System
CVE-2026-10271 (A flaw has been found in a4m4 Student-Management-System up to
f0c5f684 ...)
- TODO: check
+ NOT-FOR-US: a4m4 Student-Management-System
CVE-2026-10270 (A vulnerability was detected in D-Link DI-7001 MINI up to
19.09.19A1. ...)
NOT-FOR-US: D-Link
CVE-2026-10269 (A security vulnerability has been detected in decolua 9router
up to 0. ...)
- TODO: check
+ NOT-FOR-US: 9router
CVE-2026-10268 (A weakness has been identified in janet-lang janet up to
1.41.0. This ...)
TODO: check
CVE-2026-10267 (A security flaw has been discovered in janet-lang janet up to
1.41.0. ...)
@@ -385,15 +389,15 @@ CVE-2026-10226 (A flaw has been found in raisulislamg4
student_management_system
CVE-2026-10225 (A vulnerability was detected in raisulislamg4
student_management_syste ...)
TODO: check
CVE-2026-10224 (A security vulnerability has been detected in NousResearch
hermes-agen ...)
- TODO: check
+ NOT-FOR-US: aem-mcp-server
CVE-2026-10223 (A weakness has been identified in NousResearch hermes-agent up
to 2026 ...)
- TODO: check
+ NOT-FOR-US: aem-mcp-server
CVE-2026-10222 (A security flaw has been discovered in NousResearch
hermes-agent up to ...)
- TODO: check
+ NOT-FOR-US: aem-mcp-server
CVE-2026-10221 (A vulnerability was identified in NousResearch hermes-agent up
to 0.12 ...)
- TODO: check
+ NOT-FOR-US: aem-mcp-server
CVE-2026-10220 (A vulnerability was determined in NousResearch hermes-agent up
to 2026 ...)
- TODO: check
+ NOT-FOR-US: aem-mcp-server
CVE-2026-10219 (A vulnerability was found in nextlevelbuilder GoClaw up to
3.11.3. Thi ...)
TODO: check
CVE-2026-10218 (A vulnerability has been found in nextlevelbuilder GoClaw up
to 3.11.3 ...)
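Review bot: CVE-2026-10224 through CVE-2026-10220 are described as NousResearch hermes-agent issues, but all five are tagged NOT-FOR-US: aem-mcp-server, which looks like a copy-paste from the CVE-2026-10274 entry (indrasishbanerjee aem-mcp-server) in the previous hunk. Suggest `NOT-FOR-US: NousResearch hermes-agent` on these five lines so that a search for the product name finds them and the aem-mcp-server tag is not over-counted.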
@@ -401,19 +405,19 @@ CVE-2026-10218 (A vulnerability has been found in
nextlevelbuilder GoClaw up to
CVE-2026-10217 (A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3.
The imp ...)
TODO: check
CVE-2026-10216 (A vulnerability was detected in unitedbyai droidclaw up to
0.5.3. The ...)
- TODO: check
+ NOT-FOR-US: droidclaw
CVE-2026-10215 (A security vulnerability has been detected in Dolibarr ERP CRM
up to 2 ...)
NOT-FOR-US: Dolibarr
CVE-2026-10214 (A weakness has been identified in zhayujie chatgpt-on-wechat
up to 2.0 ...)
- TODO: check
+ NOT-FOR-US: chatgpt-on-wechat
CVE-2026-10213 (A security flaw has been discovered in AstrBotDevs AstrBot
4.23.6. Thi ...)
- TODO: check
+ NOT-FOR-US: AstrBotDevs AstrBot
CVE-2026-10212 (A vulnerability was identified in AstrBotDevs AstrBot 4.24.2.
This aff ...)
- TODO: check
+ NOT-FOR-US: AstrBotDevs AstrBot
CVE-2026-10211 (A vulnerability was determined in AstrBotDevs AstrBot 4.23.6.
Affected ...)
- TODO: check
+ NOT-FOR-US: AstrBotDevs AstrBot
CVE-2026-10210 (A vulnerability was found in AstrBotDevs AstrBot 4.23.6.
Affected by t ...)
- TODO: check
+ NOT-FOR-US: AstrBotDevs AstrBot
CVE-2026-10209 (A vulnerability has been found in code-projects Online
Hospital Manage ...)
NOT-FOR-US: code-projects
CVE-2026-10208 (A flaw has been found in code-projects Online Hospital
Management Syst ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b465e0aa638e6a8bd2d9be6067cd094419edfde
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits